295 matches found
CVE-2017-2706
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service...
Directory traversal
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service...
RubyGems 2.6.13 - Arbitrary File Overwrite
There is no check for the name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file outside the directory of the gem, or even replace an existing file with a...
RubyGems < 2.6.13 - Arbitrary File Overwrite
There is no check for the name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file outside the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...
Huawei Mate 9 Push module directory traversal vulnerability
Huawei Mate 9 is a smartphone from Chinese company Huawei. The Push module is one of the message push modules. A directory traversal vulnerability exists in the Push module in Huawei Mate 9 version MHA-AL00AC00B125 due to the program not checking the file name when compressing the file. An attacker...
CIA's Pandemic Toolkit
WikiLeaks is still dumping CIA cyberweapons on the Internet. Its latest dump is something called "Pandemic": The Pandemic leak does not explain what the CIA's initial infection vector is, but does describe it as a persistent implant. "As the name suggests, a single computer on a local network wit...
Avast Free Antivirus Multiple Vulnerabilities
Avast Free Antivirus is prone to multiple vulnerabilities. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...
Unauthorised File Editing Or Replacement
Salt has a flaw that can lead to unauthorized file editing or replacement. This is possible because it does not validate the file path input to the sed method. Therefore, it does not properly search and replace on the given filename, leading to unintended unauthorized file editing or replacement...
MS14-069: Description of the security update for Microsoft Word Viewer: November 11, 2014
INTRODUCTION: Microsoft has released security bulletin MS14-069. To learn more about this security bulletin: Home users: https://www.microsoft.com/security/pc-security/updates.aspx Skip the details: Download t...
MS12-060: Description of the security update for SQL Server 2000 Service Pack 4 QFE: August 14, 2012
View products that this article applies to. Microsoft has released the security bulletin MS12-060. You can view the complete security bulletin by going to one of the following Microsoft websites: Home...
Code injection
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local...
Updated tar packages fix security vulnerability
Harry Sintonen discovered that GNU tar does not properly handle member names containing '..', thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory (CVE-2016-6321)...
MGASA-2016-0386 Updated tar packages fix security vulnerability
Harry Sintonen discovered that GNU tar does not properly handle member names containing '..', thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory (CVE-2016-6321)...
Firefox ESR < 38.3 Multiple Vulnerabilities
The version of Firefox ESR installed on the remote Windows host is prior to 38.3. It is, therefore, affected by the following vulnerabilities: - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to...
USN-2649-1 devscripts vulnerability
It was discovered that the uupdate tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation...
CVE-2014-4817
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename...
Serv-U <= 7.3 - Remote FTP File Replacement Vulnerability (auth)
No description provided by source. Serv-U = 7.2.0.1 / 7.3 ftp file replacement user must have upload permissions x dmnt 2008-10-01 220 Serv-U FTP Server v7.3 ready... user test 331 User name okay, need password. pass test 230 User logged in, proceed. rnfr anyexistfile.ext 350 File or directory...
Firefox 3.5.3 - Local Download Manager Temp File Creation
No description provided by source. / getunique.c AKA Mozilla Firefox 3.5.3 Local Download Manager Exploit Jeremy Brown [email protected] // jbrownsec.blogspot.com // krakowlabs.com 10.28.2009 When downloading files through Firefox and choosing the Open with option, Firefox will create a...
KLA10027 ACE vulnerability in Foxit Reader
Unspecified vulnerability was found in Foxit Reader. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited locally at a point related to imgseg.dll via file replacement. Original advisories Foxit bulletin Related products Foxit-Reader CVE...